CVE-2023-43482

A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...

Command injection

A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to...

Total Upkeep < 1.15.9 - Improper Authorization to Unauthenticated Arbitrary File Download

Description The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check in all versions up to, and including, 1.15.8. This makes it possible for unauthenticated attackers to...

SUSE SLES15 Security Update : kernel RT (Live Patch 5 for SLE 15 SP5) (SUSE-SU-2024:0348-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0348-1 advisory. - A use-after-free vulnerability was found in drivers/nvme/target/tcp.c in nvmettcpfreecrypto due to a logical bug in the NVMe-oF/TCP subsystem...

CVE-2024-0797 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store <= 1.0.6.1 - Missing Authorization

The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible fo...

CVE-2024-22208 phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes

phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...

CVE-2023-50935

IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115...

Code injection

IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115...

CVE-2023-50941 IBM PowerSC session fixation

IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131...

PT-2024-1440 · Kaspersky · Kaspersky Security 8.0 For Linux Mail Server

Name of the Vulnerable Software and Affected Versions: Kaspersky Security 8.0 for Linux Mail Server Description: The issue allows an attacker to potentially force an administrator to click on a malicious link to perform unauthorized actions. This is due to the lack of measures to neutralize speci...

CVE-2023-4551 Command Injection via Task Scheduler

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating...

CVE-2023-1705

Missing Authorization vulnerability in Forcepoint F|One SmartEdge Agent on Windows bgAutoinstaller service modules allows Privilege Escalation, Functionality Bypass.This issue affects F|One SmartEdge Agent: before 1.7.0.230330-554...

CVE-2023-1705

Missing Authorization vulnerability in Forcepoint F|One SmartEdge Agent on Windows bgAutoinstaller service modules allows Privilege Escalation, Functionality Bypass.This issue affects F|One SmartEdge Agent: before 1.7.0.230330-554...

CVE-2023-1705

Missing Authorization vulnerability in Forcepoint F|One SmartEdge Agent on Windows bgAutoinstaller service modules allows Privilege Escalation, Functionality Bypass.This issue affects F|One SmartEdge Agent: before 1.7.0.230330-554...

CVE-2024-1015

Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device...

CVE-2024-1015 Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3

Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device...

CVE-2024-23790

Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1...

CVE-2024-23790

CVE-2024-23790 describes an Improper Input Validation vulnerability in OTRS avatar upload, caused by missing filetype checks. Affected product versions are: OTRS 7.0.X up to 7.0.48, OTRS 8.0.X up to 8.0.37, and OTRS released in 2023 up to 2023.1.1. Public details in the connected PT-Security advi...

Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines

Cybersecurity researchers have identified malicious packages on the open-source Python Package Index PyPI repository that deliver an information stealing malware called WhiteSnake Stealer on Windows systems. The malware-laced packages are named nigpal, figflix, telerer, seGMM, fbdebug, sGMM,...

PT-2024-11942 · Forcepoint · Forcepoint F|One Smartedge Agent

Name of the Vulnerable Software and Affected Versions: Forcepoint F|One SmartEdge Agent versions prior to 1.7.0.230330-554 Description: The issue is related to a Missing Authorization vulnerability in the bgAutoinstaller service modules of Forcepoint F|One SmartEdge Agent on Windows, allowing...